PIX config is not giving VPN clients a gateway address

I am using Cisco VPN client 4.6 and running PIX version  6.3(5). Everything with my vpn is working properly except that my VPN clients are not getting the Gateway pushed out to them, which is causing intermittent DNS issues. Here is a copy of the relevant parts from my PIX config. Please let me know what the command to add the gateway to clients would be or what else you may recommend. I will be looking into this myself and will post the solution if I beat you to the reply. Thanks in advance.

NDIFW# sho run
: Saved
PIX Version 6.3(5)
ip audit info action alarm
ip audit attack action alarm
ip local pool testPool
no pdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 netmask
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0 0
nat (dmz) 0 access-list dmz_nat
nat (dmz) 1 0 0
route outside 1
route inside 1
route inside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa-server partnerauth max-failed-attempts 3
aaa-server partnerauth deadtime 10
aaa-server partnerauth (inside) host "" timeout 10
aaa authentication ssh console partnerauth
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set clientset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set clientset
crypto map newmap 20 ipsec-isakmp dynamic dynmap
crypto map newmap client authentication partnerauth
crypto map newmap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpngroup test address-pool testPool
vpngroup test dns-server
vpngroup test wins-server
vpngroup test default-domain test.com
vpngroup test split-tunnel ndigroup_splitTunnelAcl
vpngroup test idle-time 1800
vpngroup test password
telnet timeout 5
ssh inside
ssh timeout 60
management-access inside
console timeout 0
terminal width 80
: end
Who is Participating?
naveedbConnect With a Mentor Commented:
You want all the traffic to come throught the PIX? take out 'vpngroup test split-tunnel ndigroup_splitTunnelAcl' with

no vpngroup test split-tunnel ndigroup_splitTunnelAcl

This will make the tunnel gateway for all traffic from VPN clients.
NatldiagAuthor Commented:
I removed this command from my config and confirmed that the gateway is now being pushed out through the VPN client. I started to do a little research on this command, but still can not find out the benefit of it being put into my config in the first place, any ideas? I inherited this config. DNS is now resolving through VPN. Thanks for the help!
It is used for security reasons, if you want to limit access to your internetal network, you use the split-tunnel to define interesting traffic that will pass through the VPN tunnell. All other traffic will use Client's default gateway (commonly internet traffic).
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.